<?php
// role_add.php - Page to add role to SiT!
//
// SiT (Support Incident Tracker) - Support call tracking system
// Copyright (C) 2000-2009 Salford Software Ltd. and Contributors
//
// This software may be used and distributed according to the terms
// of the GNU General Public License, incorporated herein by reference.
//
// Author: Paul Heaney <paul@sitracker.org>
// Permission id this page demands; the inline label names it "Edit User Permissions".
// NOTE(review): presumably consumed by auth.inc.php below, in which case it must be
// assigned before that include - confirm against auth.inc.php.
$permission = 9; // Edit User Permissions
require ('core.php');
require (APPLICATION_LIBPATH . 'functions.inc.php');
// This page requires authentication
require (APPLICATION_LIBPATH.'auth.inc.php');
// An empty 'submit' value selects the form-rendering branch further down; a non-empty one
// selects the branch that creates the role.
// NOTE(review): $_REQUEST also carries GET values (and cookies, depending on request_order),
// so the state-changing branch is reachable without a POST. cleanvar() is defined elsewhere;
// confirm what it strips and escapes before relying on it.
$submit = cleanvar($_REQUEST['submit']);
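// Two modes, selected by $submit (set above from the request):
//   - empty:     render the "add role" form, showing any errors left in the session
//   - non-empty: validate the submitted fields, create the role and optionally copy
//                the permissions of an existing role onto it
//
// NOTE(review): no anti-CSRF token is visible in this form or its handler, and the handler
// reads $_REQUEST, so the role-creating branch is not limited to POST. Confirm whether
// auth.inc.php or a shared helper adds request-forgery protection; this page edits
// role permissions, so it should not rely on the session cookie alone.
if (empty($submit))
{
    $title = $strAddRole;
    include (APPLICATION_INCPATH . 'htmlheader.inc.php');
    echo show_form_errors('role_add');
    clear_form_errors('role_add');

    // Values left behind by a failed submission. The handler below stores the raw
    // request in the session, so everything read back from it is untrusted and must be
    // encoded for the context it is printed in.
    $formdata = array();
    if (isset($_SESSION['formdata']['role_add']) && is_array($_SESSION['formdata']['role_add']))
    {
        $formdata = $_SESSION['formdata']['role_add'];
    }

    // PHP_SELF can contain request-supplied path info, so it is HTML-encoded before it
    // goes into the action attribute.
    $formaction = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);

    $olddescription = '';
    if (isset($formdata['description']) && is_string($formdata['description']))
    {
        $olddescription = htmlspecialchars($formdata['description'], ENT_QUOTES);
    }

    // The select is submitted as 'copyfrom', so that is the key a failed submission leaves
    // in the session; 'roleid' is still honoured in case another page sets it.
    // The value is forced to an integer before being handed to role_drop_down().
    $preselect = 0;
    foreach (array('copyfrom', 'roleid') as $key)
    {
        if (isset($formdata[$key]) && is_scalar($formdata[$key]) && $formdata[$key] != '')
        {
            $preselect = intval($formdata[$key]);
            break;
        }
    }

    echo "<h2>{$strAddRole}</h2>";
    echo "<form method='post' action='{$formaction}'>";
    echo "<table class='vertical'>";
    echo "<tr><th>{$strName}</th>";
    echo "<td><input class='required' size='30' name='rolename' /><span class='required'>{$strRequired}</span></td></tr>";
    echo "<tr><th>{$strDescription}</th><td><textarea name='description' id='description' rows='5' cols='30'>{$olddescription}</textarea></td></tr>";
    echo "<tr><th>{$strCopyFrom}</th><td>";
    echo role_drop_down('copyfrom', $preselect);
    echo "</td></tr>";
    echo "</table>";
    echo "<p><input name='submit' type='submit' value='{$strAddRole}' /></p>";
    echo "</form>";
    include (APPLICATION_INCPATH . 'htmlfooter.inc.php');
    clear_form_data('role_add');
}
else
{
    // NOTE(review): $rolename and $description are placed inside single quotes in the SQL
    // below and rely entirely on cleanvar() (defined elsewhere) for escaping - confirm it
    // applies database escaping. Parameterised queries would remove that dependency.
    $rolename = cleanvar($_REQUEST['rolename']);
    $description = cleanvar($_REQUEST['description']);

    // Role ids are numeric and $copyfrom is used UNQUOTED in the WHERE clause of the
    // permission copy, where string escaping gives no protection; force it to an integer.
    $copyfrom = isset($_REQUEST['copyfrom']) ? intval(cleanvar($_REQUEST['copyfrom'])) : 0;

    // Kept so the form can be re-populated after an error. This is the raw request,
    // not the cleaned values, so the form branch must encode it on output.
    $_SESSION['formdata']['role_add'] = $_REQUEST;

    // Start the error count explicitly unless an include has already set it.
    if (!isset($errors))
    {
        $errors = 0;
    }

    if (empty($rolename))
    {
        $errors++;
        $_SESSION['formerrors']['role_add']['rolename']= sprintf($strFieldMustNotBeBlank, $strName);
    }

    // Reject a role name that is already in use.
    $sql = "SELECT * FROM `{$dbRoles}` WHERE rolename = '{$rolename}'";
    $result = mysql_query($sql);
    if (mysql_error()) trigger_error("MySQL Query Error ".mysql_error(), E_USER_ERROR);
    if (mysql_num_rows($result) > 0)
    {
        $errors++;
        $_SESSION['formerrors']['role_add']['duplicaterole']= "{$strADuplicateAlreadyExists}</p>\n";
    }

    // NOTE(review): html_redirect() is defined elsewhere; confirm it encodes the URL it is
    // given, because the failure paths below pass PHP_SELF, which can carry
    // request-supplied path info.
    if ($errors == 0)
    {
        $sql = "INSERT INTO `{$dbRoles}` (rolename, description) VALUES ('{$rolename}', '{$description}')";
        $result = mysql_query($sql);
        if (mysql_error()) trigger_error("MySQL Query Error ".mysql_error(), E_USER_ERROR);
        $roleid = mysql_insert_id();
        if ($roleid != 0)
        {
            clear_form_data('role_add');
            clear_form_errors('role_add');
            if (!empty($copyfrom))
            {
                // Clone every permission row of the source role onto the new role.
                $sql = "INSERT INTO `{$dbRolePermissions}` (roleid, permissionid, granted) ";
                $sql .= "SELECT '{$roleid}', permissionid, granted FROM `{$dbRolePermissions}` WHERE roleid = {$copyfrom}";
                $result = mysql_query($sql);
                if (mysql_error()) trigger_error("MySQL Query Error ".mysql_error(), E_USER_ERROR);
                // Note we dont check for affected rows as you could be copying from a permissionless role
            }
            // The role exists whether or not permissions were copied, so both cases
            // report success.
            html_redirect('edit_user_permissions.php', TRUE);
        }
        else
        {
            // The insert produced no id: report failure and return to the form.
            html_redirect($_SERVER['PHP_SELF'], FALSE);
        }
    }
    else
    {
        // Validation failed; the messages are in the session for the form to display.
        html_redirect($_SERVER['PHP_SELF'], FALSE);
    }
}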
?>